authorized_keys2 directory idea

Jason Stone jason at
Mon Jun 4 18:23:15 EST 2001

Hash: SHA1

> Incompatibility sucks.
> OpenSSH is security software.  A lot of you keep asking for more and
> more features, and the code keeps growing and growing and growing.
> Assuming that the number of lines per bug is a constant, how long
> before one of these features which noone uses becomes a hole?
> I think it is ridiculous how some people keep demanding change.
> Sorry, but I firmly believe that change for the sake of "I like it" is
> stupid.

I agree.  However, taking such a stand brings with it a risk of
psuedo-forking.  You say you won't take this patch because the feature is
unnecesary bloat.  The patch writer says okay, and just rolls it in
himself on all his boxes.  He also posts it on his website, and all the
other people who liked the idea download it and roll it into their local

Now bug reports start coming in, and incompatibilities start creeping in,
and if neither the bug reporter nor the developers realize that the
version in question has such an "un-authorized" patch, confusion will

How many patches are already in this state?  SecurID?  SRP?  Some sftp
chroot thing?  Others?  Again, I don't disagree with your statement, but
the resultant risk should also be considered.


Version: GnuPG v1.0.6 (FreeBSD)
Comment: See


More information about the openssh-unix-dev mailing list